Unsolicited Remote Assistance for Windows XP and Windows 7

Unsolicited Remote Assistance version 1.2_RD for Windows XP and Windows 7 (I imagine it would also work with Vista).

Additional Support files required - be sure to read this entire note!

Remotely control a computer via Remote Assistance without requiring the user to either accept the incoming connection or grant the 'Expert' remote control permissions.

*** Description:

This script allows you to connect to a computer via Remote Assistance without requiring remote assistance solicitation from the user needing help.

The script asks you for a computer name, and will ping the remote computer via WMI, then copy three modified help center htm files to the remote station (as well as the local station) which allows the unsolicited connection to be made. On the remote user's side, the updated htm file will automatically select the 'allow control' option for the remotely connected expert.

Once the connection is made, the expert can click 'Take Control' without prompting the user to do anything further.

Once the expert has finished with the session to the remote machine, an original copy of the htm files are sent back to the computer.

This script was primarily written by 'DGrundel', and the changes to the HTM files were made by 'DGrundel' and Lewis Roberts. I made some changes to the vbscript below that allows for systems that have Windows installed in a folder other than the c:\ drive.

*** What you need to get started:

In addition to this script, you need the following modified files:
* helpeeaccept.htm
* TakeControlMsgs.htm
* UnSolicitedRCUI.htm

You must modify the following variables within the script to reflect where your modified htm files are stored:

* strOriginalFiles
* strCustomFiles

Note that you must not use leading or trailing backslashes in the path as it uses the script's path as a starting point (relative path).

*** Limitations and Security requirements:

If no one is logged into the remote computer at the time when a person attempts a connection, the remote assistance will abort - - it needs a person on the other end (at least logged in currently) to work.

The person requesting access to the remote station must have administrative rights on the remote computer and WMI database (enabled by default)

WMI must be enabled on the remote station (enabled by default)

The firewall must allow remote assistance connections. If you wish to implement this script in a company environment for support purposes, you must ensure that the 'Offer Remote Assistance' policy setting is enabled and applied to the computer(s) you wish to control.

Note that remote Windows 7 users will still need to accept the RA session from the Expert. Windows 7 to XP connections work unsolicited as before.

Source Code

This script has not been checked by Spiceworks. Please understand the risks before using it.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

'Unsolicited Remote Assistance version 1.2_RD - 9/24/10'Thanks to Kevin Bumber''Remotely control a computer via Remote Assistance without requiring the user' to either accept the incoming connection or grant the 'Expert' remote' control permissions.''*** Description:''This script allows you to connect to a computer via Remote Assistance without' requiring remote assistance solicitation from the user needing help.''The script asks you for a computer name, and will ping the remote' computer via WMI, then copy three modified help center htm files to the' remote station (as well as the local station) which allows the unsolicited' connection to be made. On the remote user's side, the updated htm file' will automatically select the 'allow control' option for the remotely' connected expert.''Once the connection is made, the expert can click 'Take Control' without' prompting the user to do anything further.''Once the expert has finished with the session to the remote machine,' an original copy of the htm files are sent back to the computer.''*** Credits:''http://dgrundel.wordpress.com/2007/10/04/unsolicited-remote-assistance/'http://www.lewisroberts.com/?p=40''This script was primarily written by 'DGrundel', and the changes to the' HTM files were made by 'DGrundel' and Lewis Roberts. I made some' changes to the vbscript below that allows for systems that have Windows' installed in a folder other than the c:\ drive.''Modifed by: Rob Dunn'Email: uphold at (two-thousand-one) @ hotmail dot com'Website: http://www.vbshf.com''Some other tweaks by Kevin Bumber (co-worker) - Thanks!''*** What you need to get started:''In addition to this script, you need the following modified files:' * helpeeaccept.htm' * TakeControlMsgs.htm' * UnSolicitedRCUI.htm''You can copy the originals (search your %windir%\pchealth folders for them)' and modify them per the instructions specified at DGrundel's website:' http://dgrundel.wordpress.com/2007/10/04/unsolicited-remote-assistance/''You must modify the following variables within the script to reflect where' your modified htm files are stored:'' * strOriginalFiles' * strCustomFiles''Note that you must not use leading or trailing backslashes in the path' as it uses the script's path as a starting point (relative path).''*** Limitations and Security requirements:''If no one is logged into the remote computer at the time when a person' attempts a connection, the remote assistance will abort - - it needs' a person on the other end (at least logged in currently) to work.''The person requesting access to the remote station must have administrative' rights on the remote computer and WMI database (enabled by default)''WMI must be enabled on the remote station (enabled by default)''The firewall must allow remote assistance connections. If you wish to' implement this script in a company environment for support purposes,' you must ensure that the 'Offer Remote Assistance' policy setting' is enabled and applied to the computer(s) you wish to control.''*** Considerations:''If the connection to the remote computer is broken before the 'Expert'' finishes the session, the original htm Help Center files are never' re-copied back to the remote computer, thus opening up a potential' security vulnerability. If this happens, you should attempt to' re-connect to the remote computer again with the script, disconnect' immediately, and the original htm files will be copied over as a result.''This last point is something I am considering on improving, potentially' with an automated scheduled task.'***********************************************************************' Start User Variables'***********************************************************************'Relative path to original files (no leading or trailing backslashes) from' where this script is located.strOriginalFiles="Data\Original"'Relative path to custom files (no leading or trailing backslashes) from' where this script is located.strCustomFiles="Data\Custom"'**********************************************************************' End User Variables'**********************************************************************SetobjFSO=CreateObject("Scripting.FileSystemObject")SetWshShell=CreateObject("WScript.Shell")DimstrRemoteDrive,LocalWindir,RemoteWindir,sCommand,strHostSetobjArgs=WScript.Arguments'*******************'Get command-line argumentsIfobjargs.count<>0ThenForI=0toobjArgs.Count-1IfInStr(1,LCase(objargs(I)),"computer:")ThenarrComputer=split(lcase(objargs(I)),"computer:")strHost=arrComputer(1)EndIfNextElsestrHost=InputBox("Enter host name")EndIf'Verify a host name was actually entered.IfLen(strHost)>0Then'Ping the hostIfPingStatus(strHost)<>"Success"ThenMsgBox"Error: Unable to ping "&strHostWScript.QuitEndIflocalOS=GetLocalOS()remoteOS=GetRemoteOS()'Edited by BUMBER!!!!Ifinstr(localOS,"Windows 7")>0andinstr(remoteOS,"Windows 7")>0thenConnectFromNonXP(strHost)ElseIfinstr(localOS,"Windows 7")thenConnectFromNonXP(strHost)ElsestrRemoteDrive=replace(GetDrive(strHost),":","")strLocalDrive=GetDrive(".")ConnectFromXP(strHost)EndIfEndIfFunctionConnectFromNonXP(strHost)sCommand="msra.exe /offerra "&strHostSetWshShell=Wscript.CreateObject("WScript.Shell")WshShell.Run(sCommand)EndFunctionFunctionConnectFromXP(strHost)'Verify you can connect to C$IfNotobjFSO.FolderExists("\\"&strHost&"\"&strRemoteDrive&"$")ThenMsgBox"Error: Unable to access \\"&strHost&"\"&strRemoteDrive&"$"WScript.QuitEndIfstrScriptPath=Left(WScript.ScriptFullName,InStrRev(WScript.ScriptFullName,"\"))'Copying custom (security removed) helpeeaccept.htm to the remote machine.objFSO.CopyFilestrScriptPath&strCustomFiles&"\helpeeaccept.htm","\\"&strHost&"\"&strRemoteDrive&"$\Windows\pchealth\helpctr\System\Remote Assistance\helpeeaccept.htm",True'Copying custom (security removed) TakeControlMsgs.htm to the remote machine.objFSO.CopyFilestrScriptPath&strCustomFiles&"\TakeControlMsgs.htm","\\"&strHost&"\"&RemoteWindir&"\pchealth\helpctr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm",True'Opening custom UnSolicitedRCUI.htm and reading the file into a variable so we can customize the file.SetobjFile=objFSO.OpenTextFile(strScriptPath&strCustomFiles&"\UnSolicitedRCUI.htm",1)strText=objFile.ReadAllobjFile.Close'Modifying the contents of the file so that it includes the desired host name.strNewText=Replace(strText,"idComputerName.value = ""CHANGEME"";","idComputerName.value ="""&strHost&""";")'Writing the modified, custom UnSolicitedRCUI.htm to the local machine.SetobjFile=objFSO.OpenTextFile(LocalWindir&"\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\UnSolicitedRCUI.htm",2,True)objFile.WritestrNewTextobjFile.Close'Using WMI to run the modified, custom UnSolicitedRCUI.htm and get the process ID for later use.strComputer="."SetobjWMIService=GetObject("winmgmts:\\"&strComputer&"\root\cimv2:Win32_Process")objWMIService.CreateLocalWindir&"\PCHealth\HelpCtr\Binaries\helpctr.exe -url "&"hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/unsolicited/UnSolicitedRCUI.htm",null,null,intProcessID'Setting up an event notification to alert the script whenever a new process is created,'so we know when the process we created creates a child process (which will be the remote'assistance interface.)strComputer="."SetobjWMIService=GetObject("winmgmts:\\"&strComputer&"\root\cimv2")SetcolItems=objWMIService.ExecNotificationQuery("Select * From __InstanceCreationEvent Within 1 Where TargetInstance ISA 'Win32_Process'")'Script stays in this loop until the process above creates a child process.DoSetobjProcess=colItems.NextEvent'Script halts here until a new process is created.IfobjProcess.TargetInstance.ParentProcessId=intProcessIDThen'Checks the Parent PID of the created process to see if its the child we want.intChildPID=objProcess.TargetInstance.ProcessId'Store the process ID of the child process so we monitor it below.ExitDoEndIfLoop'Now that our original process has created a child process, we can terminate it.'The code below loops through all processes with image name "helpctr.exe" and'terminates the one with our original ProcessID.SetcolItems=objWMIService.ExecQuery("Select * From Win32_Process Where Name = 'helpctr.exe'")ForEachobjProcessIncolItemsIfobjProcess.ProcessId=intProcessIDThenobjProcess.TerminateEndIfNext'Now we monitor for the child process to be closed manually by the remote assistance(RA) expert.SetcolItems=objWMIService.ExecNotificationQuery("Select * From __InstanceDeletionEvent Within 1 Where TargetInstance ISA 'Win32_Process'")'Script stays in this loop until the child process is closed.DoSetobjProcess=colItems.NextEvent'Script halts here until a process is terminated.IfobjProcess.TargetInstance.ProcessID=intChildPIDThen'Checks to see if the terminated process was our child process.ExitDoEndIfLoop'MsgBox "Click OK when you are finished assisting the remote machine."OnErrorResumeNext'When the RA expert disconnects from the remote machine, the remote user sees a message that the expert'has disconnected and also is left with the RA chat interface window open. The code below kills helpctr.exe'on the remote machine, so the user on the remote machine doesn't have to.strComputer=strHostSetobjWMIService=GetObject("winmgmts:\\"&strComputer&"\root\cimv2")SetcolItems=objWMIService.ExecQuery("Select * From Win32_Process Where Name = 'helpctr.exe'")ForEachobjProcessIncolItemsobjProcess.TerminateNext'Replacing the custom helpeeaccept.htm we copied in the beginning with the secure original that came with the OS.objFSO.CopyFilestrScriptPath&strOriginalFiles&"\helpeeaccept.htm","\\"&strHost&"\"&RemoteWindir&"\pchealth\helpctr\System\Remote Assistance\helpeeaccept.htm",True'Replacing the custom TakeControlMsgs.htm we copied in the beginning with the secure original that came with the OS.objFSO.CopyFilestrScriptPath&strOriginalFiles&"\TakeControlMsgs.htm","\\"&strHost&"\"&RemoteWindir&"\pchealth\helpctr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm",True'Replacing the custom UnSolicitedRCUI.htm on the local machine with the original that came with the OS.objFSO.CopyFilestrScriptPath&strOriginalFiles&"\UnSolicitedRCUI.htm",LocalWindir&"\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\UnSolicitedRCUI.htm",TrueEndFunction'ConnectFromXPFunctionPingStatus(strComputer)'PingStatus function from http://www.microsoft.com/technet/scriptcenter/resources/scriptshop/shop1205.mspxOnErrorResumeNextstrWorkstation="."SetobjWMIService=GetObject("winmgmts:{impersonationLevel=impersonate}!\\"&strWorkstation&"\root\cimv2")SetcolPings=objWMIService.ExecQuery("SELECT * FROM Win32_PingStatus WHERE Address = '"&strComputer&"'")ForEachobjPingincolPingsSelectCaseobjPing.StatusCodeCase0PingStatus="Success"Case11001PingStatus="Status code 11001 - Buffer Too Small"Case11002PingStatus="Status code 11002 - Destination Net Unreachable"Case11003PingStatus="Status code 11003 - Destination Host Unreachable"Case11004PingStatus="Status code 11004 - Destination Protocol Unreachable"Case11005PingStatus="Status code 11005 - Destination Port Unreachable"Case11006PingStatus="Status code 11006 - No Resources"Case11007PingStatus="Status code 11007 - Bad Option"Case11008PingStatus="Status code 11008 - Hardware Error"Case11009PingStatus="Status code 11009 - Packet Too Big"Case11010PingStatus="Status code 11010 - Request Timed Out"Case11011PingStatus="Status code 11011 - Bad Request"Case11012PingStatus="Status code 11012 - Bad Route"Case11013PingStatus="Status code 11013 - TimeToLive Expired Transit"Case11014PingStatus="Status code 11014 - TimeToLive Expired Reassembly"Case11015PingStatus="Status code 11015 - Parameter Problem"Case11016PingStatus="Status code 11016 - Source Quench"Case11017PingStatus="Status code 11017 - Option Too Big"Case11018PingStatus="Status code 11018 - Bad Destination"Case11032PingStatus="Status code 11032 - Negotiating IPSEC"Case11050PingStatus="Status code 11050 - General Failure"CaseElsePingStatus="Status code "&objPing.StatusCode&" - Unable to determine cause of failure."EndSelectNextOnErrorGoto0EndFunction'Get the version of OS for the local computerFunctionGetLocalOS()SetoWMIService=GetObject("winmgmts:\\.\root\CIMV2")SetcolItems=oWMIService.ExecQuery("SELECT Caption FROM Win32_OperatingSystem")ForEachoItemIncolItemsGetLocalOS=oItem.captionNextEndFunctionFunctionGetRemoteOS()SetoWMIService=GetObject("winmgmts:\\"&strHost&"\root\CIMV2")SetcolItems=oWMIService.ExecQuery("SELECT Caption FROM Win32_OperatingSystem")ForEachoItemIncolItemsGetRemoteOS=oItem.captionNextEndFunction'Get the local windows folder.FunctionGetDrive(sComputer)SetoWMIService=GetObject("winmgmts:\\"&sComputer&"\root\CIMV2")SetcolItems=oWMIService.ExecQuery("SELECT Caption, SystemDrive, WindowsDirectory FROM Win32_OperatingSystem")ForEachoItemIncolItemsGetDrive=oItem.SystemDriveIfsComputer="."ThenLocalWindir=oItem.WindowsDirectoryElseRemoteWindir=replace(oItem.WindowsDirectory,":","$")EndifNextEndFunction

I have to check this out with 7. I know that someone had tried it with Vista, and the remote assistance app was completely different than what was included with XP...so, yep, a major rewrite would be in the works there!

Does a similar mod to what I did almost 5 years ago here, only I manually edited one file then copied that file over the originals with a script. Yah, no solution for Vista/Win7 yet though :( they use executables instead of the scripts they used in XP.

btw - updated this to work with Windows 7, although it won't work completely unsolicited.
I think I still need to modify it so the 7 to XP piece works completely without prompt (right now it will prompt on the other side). FYI!

I modified an XP version to work with windows 7 and it does Windows 7 to windows 7 completely unsolicited as well :)
http://community.spiceworks.com/scripts/show/1039-full-unsolicited-windows-7-remote-assistance